Certain organizations may offer one or more cloud services to users over a network (e.g., the Internet). The cloud services may include computation, software, data access, storage services, etc. that physically reside elsewhere (e.g., another computer or the organizations data center) which users can access from their own computer or device over the network. Since confidential information may be sent to or received from these cloud services, access policies may limit access to cloud services depending on the user, device, network, etc.
Certain systems may include a single sign on (SSO) solution, that enables a user to access multiple cloud services (e.g., both private cloud services and public cloud services), using a single set of identification credentials. In some cases, however, a user may have multiple accounts for a single cloud service (e.g., a personal account and a corporate account). The multiple accounts may have different access credentials, store different data, etc. The SSO solution may use a password vault to manage the various individual passwords for different cloud services and for different accounts for a single cloud service. Conventionally, the SSO solution may not be able to determine which of the multiple accounts to use for access to a cloud service when a user logs in. Many systems require the user to manually select which account (and the corresponding credentials) they wish to use. This can be a tedious and time consuming task especially if the user has many different accounts.
In addition, certain cloud services may allow access to both public and confidential information. In cases where confidential information is accessed, it may be desirable to require a higher level of security, such as a second authentication factor besides the identification credentials used for the SSO solution. Conventional systems require that the decision of whether to request the second authentication factor or not be set ahead of time in a static configuration regardless of what information is being accessed. This may lead to unnecessary security precautions when only public information is being accessed or to inadequate security for confidential information.